CT scans are essential tools that help doctors detect various medical conditions. Health professionals rely on the accuracy of these technologies because a misdiagnosis can be fatal. Unfortunately, this vital technology is vulnerable to hackers. Researchers have recently created malware that can add or remove fake carcinogenic nodules from computed tomography (CT) scans and magnetic resonance imaging (MRI) scans.
Researchers at the Center for Cyber Security Research at the University of Israel have developed malware that can modify CT scans and MRI scans. During the research, they showed radiological exams of actual pulmonary tomography, of which 70 had been altered. At least three radiologists were cheated almost every time.
Computed tomography of a brain trauma. Image of Rehman T, Ali R, Tawil I and Yonas H via Wikimedia Commons
Radiologists diagnosed 99% of cancer when presenting images with added nodules and stated that the patient was healthy in 94% when presented with examinations in which real nodules had been removed. Radiologists continued to misinterpret scans, even when they said some of them were fake. The malware has fooled other lung cancer screening software. This specific study focused on computed tomography of the lungs, but it is believed that the malware would work on a variety of computed tomography and MRI scans.
How were these researchers able to change the CT scans? Computed tomography and magnetic resonance imaging are transmitted through archiving and image communication systems (PACS). Hospitals typically do not digitally sign their scans and PACS are often unencrypted. Many hospitals believe that hackers can not access their internal networks and therefore do not bother with encryption. Researcher Yisroel Mirsky noted that hospitals are very concerned about privacy, but "what happens inside the [hospital] system itself, which no normal person should have access to in general, they tend to be quite lenient [about]. It's not … they do not mind. It's just that their priorities are set elsewhere. "
Unfortunately, many PACS are still connected to the Internet or can be accessed through other connected hospital devices. Hackers can insert malware when connected. PACS encryption technology exists, but is generally incompatible with older PACS networks.
It is never fun to be a victim of malware, but it can be particularly dangerous when such malware can lead to a disastrous diagnostic error. The aim of the study was to draw attention to the vulnerabilities of computed tomography and magnetic resonance imaging machines. Researchers expect hospitals to begin enabling end-to-end encryption in their PACS networks to prevent such dangerous attacks.
Image Credit: Wikimedia Commons Author